[OpenSER-Users] How to avoid malicious BYE that update accounting "StopTime"?

Iñaki Baz Castillo ibc at in.ilimit.es
Fri Feb 8 19:16:09 CET 2008


On Friday 08 February 2008 18:34:31 Norman Brandinger wrote:
> RADIUS:
>
> sql.conf or whatever you call it:
>
> <snip>
>
>         WHERE acctsessionid     =   '%{Acct-Session-Id}' \
>         AND acctuniqueid        =   '%{Acct-Unique-Session-Id}' \
>         AND username            =   '%{SQL-User-Name}' \
>         AND nasipaddress        =   '%{NAS-IP-Address}'"
> </snip>
>
>     AND   acctstoptime = 0

Hmm, now I see that OpenSer already does it, but it's not perfect in 
conjunction with MediaProxy:


When OpenSer receives a BYE it sends a STOP action to the RADIUS server, which 
performs a SQL query containing:

  -----------------------------------------------------------
  UPDATE radacct  
  SET   [...] ConnectInfo_stop = ''
   WHERE [...] AND ConnectInfo_stop IS NULL
  -----------------------------------------------------------

So if a new identical BYE is received, the SQL query won't take place, 
since "ConnectInfo_stop" now IS NOT NULL (OK).


The problem occurs if there is no BYE at all. Then MediaProxy sends an UPDATE 
action that performs a SQL query like:

  ------------------------------------------------------------
  UPDATE radacct
  SET [...]
  WHERE [...]
  ------------------------------------------------------------

This SQL doesn't set ConnectInfo_stop = '', so "ConnectInfo_stop" **remains 
NULL**. So then, a malicious user could send a BYE much later, which would 
generate a STOP action and an effective SQL query.


POSSIBLE SOLUTION:
********************

MediaProxy SQL query (or FreeRadius SQL UPDATE action) does already set:
  MediaInfo = 'timeout'

The solution then could be adding a new clause to the STOP action:

  WHERE MediaInfo != 'timeout'

In this way, if a call ends because of an RTP timeout (there is no BYE), then a 
later malicious BYE would have no effect.

-- 
Iñaki Baz Castillo
ibc at in.ilimit.es
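The race described in the post, replayed against a small in-memory table. This is an added example and not code from OpenSER, FreeRADIUS or MediaProxy; the column names radacct, ConnectInfo_stop and MediaInfo come from the mail, while the rest of the schema, the timestamps, the session ids and the function names are assumptions made here, and sqlite stands in for the real SQL backend. It shows the original STOP guard (ConnectInfo_stop IS NULL) being bypassed after a MediaProxy timeout UPDATE, the proposed extra clause blocking the late BYE, and one caveat of SQL three-valued logic: a bare `MediaInfo != 'timeout'` is NULL (false) when MediaInfo is NULL, so the clause needs `MediaInfo IS NULL OR ...` if normal calls may reach the STOP with MediaInfo unset.

```python
import sqlite3

# Assumed schema; only radacct, ConnectInfo_stop and MediaInfo are taken from the mail.
SCHEMA = """
CREATE TABLE radacct (
    acctsessionid    TEXT PRIMARY KEY,
    username         TEXT,
    acctstarttime    INTEGER,
    acctstoptime     INTEGER,
    acctsessiontime  INTEGER,
    ConnectInfo_stop TEXT,
    MediaInfo        TEXT
)
"""

STOP_SET = ("UPDATE radacct SET acctstoptime = ?, acctsessiontime = ? - acctstarttime, "
            "ConnectInfo_stop = '' WHERE acctsessionid = ? ")

# Guard as the post describes the current STOP action: only the first BYE wins.
STOP_ORIGINAL = STOP_SET + "AND ConnectInfo_stop IS NULL"
# Proposed clause written literally: rejects NULL MediaInfo too (NULL != 'x' is not true).
STOP_NAIVE = STOP_ORIGINAL + " AND MediaInfo != 'timeout'"
# Proposed clause with the NULL case handled explicitly.
STOP_HARDENED = STOP_ORIGINAL + " AND (MediaInfo IS NULL OR MediaInfo != 'timeout')"


def open_radacct():
    conn = sqlite3.connect(":memory:")
    conn.execute(SCHEMA)
    return conn


def radius_start(conn, session_id, username, t):
    """START action: one row per session, stop columns left NULL."""
    conn.execute("INSERT INTO radacct (acctsessionid, username, acctstarttime) "
                 "VALUES (?, ?, ?)", (session_id, username, t))


def mediaproxy_timeout_update(conn, session_id, t):
    """MediaProxy UPDATE on RTP timeout (assumed shape): marks MediaInfo='timeout'
    and records the stop time, but does NOT touch ConnectInfo_stop."""
    return conn.execute("UPDATE radacct SET MediaInfo = 'timeout', acctstoptime = ?, "
                        "acctsessiontime = ? - acctstarttime WHERE acctsessionid = ?",
                        (t, t, session_id)).rowcount


def radius_stop(conn, session_id, t, stmt):
    """STOP action triggered by a BYE; returns rows affected (1 = accounting changed)."""
    return conn.execute(stmt, (t, t, session_id)).rowcount


def stop_time(conn, session_id):
    return conn.execute("SELECT acctstoptime FROM radacct WHERE acctsessionid = ?",
                        (session_id,)).fetchone()[0]


def replayed_bye_after_timeout(stmt):
    """Call dies by RTP timeout at t=1300; attacker sends a BYE at t=90000.
    Returns (rows changed by the late BYE, final acctstoptime)."""
    conn = open_radacct()
    radius_start(conn, "sess-1", "alice", 1000)
    mediaproxy_timeout_update(conn, "sess-1", 1300)
    changed = radius_stop(conn, "sess-1", 90000, stmt)
    return changed, stop_time(conn, "sess-1")


def normal_call(stmt):
    """Legitimate BYE at t=1200 with MediaInfo still NULL, then a duplicate BYE.
    Returns (rows changed by first BYE, rows changed by duplicate, final acctstoptime)."""
    conn = open_radacct()
    radius_start(conn, "sess-2", "bob", 1000)
    first = radius_stop(conn, "sess-2", 1200, stmt)
    dup = radius_stop(conn, "sess-2", 5000, stmt)
    return first, dup, stop_time(conn, "sess-2")


if __name__ == "__main__":
    for name, stmt in (("original", STOP_ORIGINAL), ("naive", STOP_NAIVE),
                       ("hardened", STOP_HARDENED)):
        print(name, "late BYE:", replayed_bye_after_timeout(stmt),
              "normal call:", normal_call(stmt))
```

With the original guard the late BYE still updates the row and moves acctstoptime from 1300 to 90000; the hardened clause leaves it at 1300 and reports zero rows changed, while still accepting the first legitimate BYE and rejecting its duplicate. The naive form rejects the legitimate BYE whenever MediaInfo is NULL, which is why the NULL branch is spelled out.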



